September 2024 - rwth-security - lists.rwth-aachen.de

Linux 6.12 Landing Integrity Policy Enforcement "IPE" Module
by Bernd Kohler 18 Sep '24

18 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Linux 6.12 Landing Integrity Policy Enforcement "IPE" Module" --> "... part of the Linux Security Modules (LSM) updates for the Linux 6.12 kernel is the new Integrity Policy Enforcement (IPE) ..." --> "... Integrity Policy Enforcement is an alternative to access controls ..." VG Bernd [0] https://www.phoronix.com/news/Linux-6.12-IPE-LSM-Security -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

VMware Patches Remote Code Execution Flaw Found in Chinese Hacking
by Bernd Kohler 18 Sep '24

18 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest" VG Bernd [0] https://www.securityweek.com/vmware-patches-remote-code-execution-flaw-foun… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Chrome switching to NIST-approved ML-KEM quantum encryption
by Bernd Kohler 17 Sep '24

17 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Chrome switching to NIST-approved ML-KEM quantum encryption" VG Bernd [0] https://www.bleepingcomputer.com/news/security/chrome-switching-to-nist-app… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

CVE-2024-38816: Spring Framework Path Traversal Vulnerability
by Kohler, Bernd 16 Sep '24

16 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "CVE-2024-38816: Spring Framework Path Traversal Vulnerability Threatens Millions" VG Bernd [0] https://securityonline.info/cve-2024-38816-spring-framework-path-traversal-… --- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Seffenter Weg 23 52074 Aachen Tel: +49 241 80-29793 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 0

New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via
by Bernd Kohler 13 Sep '24

13 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram" VG Bernd [0] https://hackread.com/android-malware-ajina-banker-steal-2fa-codes-telegram/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0

New Linux Malware Campaign Exploits Oracle Weblogic to Mine
by Bernd Kohler 13 Sep '24

13 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency" VG Bernd [0] https://thehackernews.com/2024/09/new-linux-malware-campaign-exploits.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt
by Bernd Kohler 12 Sep '24

12 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library" VG Bernd [0] https://www.securityweek.com/microsoft-adds-support-for-post-quantum-algori… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

GitLab Issues Critical Security Patch for CVE-2024-6678 (CVSS 9.9),
by Bernd Kohler 12 Sep '24

12 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "GitLab Issues Critical Security Patch for CVE-2024-6678 (CVSS 9.9), Urges Immediate Update" --> "... upgrading to 17.3.2, 17.2.5, or 17.1.7 is critical to maintaining the security and integrity of your GitLab environment ..." VG Bernd [0] https://securityonline.info/gitlab-issues-critical-security-patch-for-cve-2… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 E-Mail: kohler(a)itc.rwth-aachen.de Web: https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Windows into the Past: Exploiting Legacy Crypto in Modern OS’s Kerberos Implementation
by Bernd Kohler 10 Sep '24

10 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Windows into the Past: Exploiting Legacy Crypto in Modern OS’s Kerberos Implementation" --> git Repo [1] "KerberosSmartcardPaddingOracleAttack" VG Bernd [0] https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf [1] https://github.com/MichalSha/KerberosSmartcardPaddingOracleAttack/?tab=read… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de https://www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/c/ITCenterRWTHAachen

1 0

Bug lets anyone bypass WhatsApp’s ‘View Once’ privacy feature
by Bernd Kohler 09 Sep '24

09 Sep '24

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Bug lets anyone bypass WhatsApp’s ‘View Once’ privacy feature" VG Bernd [0] https://techcrunch.com/2024/09/09/bug-lets-anyone-bypass-whatsapps-view-onc… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

1 0